Smart Buyer
  • Shop On NeweggBusiness
  • Categories
    • Buying Guides
    • Components
    • DIY and How-to
    • Industry Trends
    • NetSec
    • Networking
    • Storage
    • Systems – PC & Laptop
    • Windows
  • About
  • Why NeweggBusiness?
  • Contact Us
Top Posts
PC Cooling: How to Set up Computer Case...
5 Ways to Stream from PC to TV...
How to Choose the Correct RAM Upgrade
How to Troubleshoot a PC Power Supply
Four Apps that Make Your Tablet a Second...
2019 Solid State Drive (SSD) Buying Guide
6 Reasons Your PC is Slow and How...
How-to Guide: Small Office Network Setup
Born in the USA: Computer Hardware Made in...
Computer Monitor Buying Guide 2019

Smart Buyer

  • Shop On NeweggBusiness
  • Categories
    • Buying Guides
    • Components
    • DIY and How-to
    • Industry Trends
    • NetSec
    • Networking
    • Storage
    • Systems – PC & Laptop
    • Windows
  • About
  • Why NeweggBusiness?
  • Contact Us
NetSecNetworking

NGFW: Looking Behind the Dell SonicWALL

by Adam Lovinus May 9, 2016
by Adam Lovinus May 9, 2016 0 comment 7217 views

Once a business network grows beyond 10 or 20 endpoints, network security experts recommend adding a dedicated firewall security appliance—typically a Unified Threat Management Device (UTM) or a Next Generation Firewall (NGFW)—to your small office network setup.

For the most part, the terms UTM and NGFW are used interchangeably in the industry, and there are dozens of models for businesses to consider. While individual product pages provide background on what differentiates vendors’ hardware, on HardBoiled we like to get even more in depth with the help of the industry’s thought leaders.

Today we’ll be peering behind the Dell SonicWALL, examining what sets it apart from the other NGFW options available.

For this we are talking to Daniel Ayoub, a network security engineer who publishes in Network World and 2600 Magazine, and former product manager of the Dell SonicWALL line of security appliances.

NeweggBusiness partnered with Dell for a White Paper titled: Uncompromised Performance: Next Generation Firewalls and the Future of Network Security, which you can download here.

How does Dell define what a NGFW should be doing for a company and its network?

In basic terms, a Next-Generation Firewall (NGFW) leverages deep packet inspection (DPI) firewall technology by integrating intrusion prevention systems (IPS), and application intelligence and control. In order to achieve the highest return on investment (ROI) for bandwidth services and optimize an organization’s productivity level, while still ensuring maximum security, IT needs to make sure that traffic is thoroughly scanned with minimal latency for optimal throughput.

Why is balancing latency and security such a big challenge in network security today?

Organizations are suffering from application chaos. Real-time collaboration tools, Web 2.0 applications, instant messenger (IM) and peer-to-peer applications, Voice over IP (VoIP), streaming media and teleconferencing – each of these present conduits for potential attack. Many organizations cannot differentiate applications in use on their networks, and also have to contend with employees misusing network resources with sometimes dangerous web-based applications.

Conducting deep packet inspection (DPI) in multi-app environments takes major computing power. It creates network bottlenecks with some NGFWs, which in turn can negatively affect service levels and productivity for end users. To make matters worse, some IT organizations even disable functionality in their network security solutions to avoid slowdowns in network performance.

How does Dell SonicWALL hardware address the simultaneous need for protection and performance?

There are two key differentiators. Dell SonicWALL utilizes multi-core architecture in its NGFWs, and run a patented reassembly-free deep packet inspection technology (RFDPI) that is unique to Dell SonicWALL.

Let’s start with the proprietary RFDPI engine. What are the protection benefits that set it apart from other NGFW hardware?

Most competitive solutions available are capable of scanning only six protocols (HTTP, SMTP, IMAP, POP3, FTP and SMB), providing a false sense of security since any malicious traffic transmitted via any other protocol is not subject to inspection. Only Dell SonicWALL RFDPI scans every packet on all ports and protocol every time with comprehensive anti-x technology to allow for detection and blocking of known viruses and malware regardless of the transmitting protocol.

The RFDPI engine uses a combination of complex pattern matching, heuristics, correlation, advanced real time decision methodologies, normalization, (X, Y, Z and more), yet still maintains extremely high performance, low latency, and high efficiency, regardless of file size.

How might RFDPI technology guard against zero-day malware?

Dell SonicWALL’s intelligent malware detection technology looks for the elements in the flow that contain harmful code and can parse through the benign envelope of unimportant bits. Further, when it comes to determining vulnerabilities as part of file scanning, RFDPI is capable of parsing magic numbers (integer values used to determine file formats) and then compare them against predefined lists to compare actual versus expected file content values. These techniques allow the Dell SonicWALL RFDPI engine to identify new variants of malware, which may be disguised as innocent files, yet have never been seen before.

What advantages will users notice having a multi-core CPU in their NGFW?

They will see a boost in performance for two reasons. First, Cavium CPUs are custom built to ‘understand’ network communications at the hardware level. Additionally, they can parallel process data streams across multiple cores. Dell SonicWALL architecture enables each CPU to process a portion of network packets simultaneously in parallel with other CPUs, making optimal use of available processor cycles.

General-purpose processors rely on a single processing CPU for handling all functions. They do not provide any type of security acceleration, and usually require additional third-party security co-processors for the necessary security acceleration, which inefficiently increases development complexity. Since a general purpose processor runs at a higher clock speed and requires additional co-processors, it is less energy efficient, and consumes more power during general operation.

Multi-core NGFWs offer better scalability as well—can you explain why that is?

Other vendors’ NGFWs often have general-purpose processors and separate security co-processors added on— a solution that does not scale. Others have chosen to design and build ASIC (Application-Specific Integrated Circuits) platforms; with ASIC solutions, the lack of available microcode space may prevent the vendor from adding new functionality required to deal with changing protocols, upgraded standards or bugs without significant performance degradation. Moreover, ASICs are mainly used for SPI, as they perform very slowly for DPI.

The Dell SonicWALL SuperMassive E1000 Series recently earned high recognition from NSS Labs’ independent testing. This particular model is geared for large enterprises. Does the SonicWALL TZ-series for small businesses and branch offices use the same technology as the enterprise solutions?

The SonicOS architecture is at the core of every Dell SonicWALL firewall from the TZ Series to the SuperMassive E10800, so organizations can choose from an entire proven line which massively scales to meet the needs of the highest performance networks.

Learn more about which Dell SonicWALL NGFW is right for your organization’s network security  

Adam Lovinus

Adam Lovinus

A tech writer and Raspberry Pi enthusiast from Orange County, California.

More Posts - Website - Twitter - LinkedIn - Google Plus

Summary
NGFW: Looking Behind the Dell SonicWALL
Article Name
NGFW: Looking Behind the Dell SonicWALL
Description
What sets the Dell SonicWALL next-generation firewall (NGFW) apart from others on the market? Network security expert Daniel Ayoub explains.
Author
Adam Lovinus
0 comment
0
FacebookTwitterGoogle +PinterestEmail
Adam Lovinus
Adam Lovinus

A tech writer and Raspberry Pi enthusiast from Orange County, California.

previous post
Build a PC for Virtual Reality Content Development
next post
How to Set Up Free Anti-Phishing User Training

Related Posts

Anatomy of a Small Office Network [Infographic]

December 10, 2020

Remote Workforce Security: Tips and Best Practices

December 9, 2020

WiFi 6 and 5G: The Future of Connectivity

February 13, 2020

Aruba Instant On Wants to Simplify Your Small...

August 2, 2019

4 Easy Steps for Network Troubleshooting

July 10, 2019

How-to Guide: Small Office Network Setup

December 20, 2018

PoE+ Ethernet Switches Set the Bar for Business...

November 21, 2018

3 Tangible Productivity Benefits Realized in a Smart...

October 31, 2018

What is ‘Fileless’ Malware Found Inside Server Hardware?

October 4, 2018

How to Choose WiFi Equipment for an Office...

August 2, 2018

What's your take? Cancel reply

Subscribe

  • 1

    PC Cooling: How to Set up Computer Case Fans

    February 11, 2021
  • 2

    5 Ways to Stream from PC to TV or Digital Display

    May 23, 2016
  • 3

    How to Choose the Correct RAM Upgrade

    April 28, 2015
  • 4

    How to Troubleshoot a PC Power Supply

    July 11, 2018
  • 5

    Four Apps that Make Your Tablet a Second Monitor

    January 9, 2018
  • 6

    2019 Solid State Drive (SSD) Buying Guide

    December 6, 2018
  • 7

    6 Reasons Your PC is Slow and How to Fix It

    February 28, 2019
  • 8

    How-to Guide: Small Office Network Setup

    December 20, 2018
  • 9

    Born in the USA: Computer Hardware Made in America

    September 27, 2018
  • 10

    Computer Monitor Buying Guide 2019

    January 4, 2019

Newegg + Business

How is this different from Newegg.com?

Why NeweggBusiness?
  • Facebook
  • Twitter
  • Linkedin
  • Email